Text4Shell Exploit Walkthrough
The “4Shell” Sequel Continues???
Another vulnerability exploiting insecure string substitution in the Java programming language has been found. This time the vulnerability impacts Apache’s Commons Text library which provides APIs for string manipulation. The vulnerability is being tracked as CVE-2022–42889 and has a CVSS critical rating of 9.8. According to researchers, the likelihood of exploitation is much lower than that of the Log4Shell vulnerability because the library must be used in a specific way in order for an attacker to exploit the flaw. With that said, the vulnerability still allows for remote command execution, hence its severity score. In this blog post, I’ll help you setup a Java app vulnerable to Text4Shell and exploit it. Let’s do this!
NOTE: to better understand this exploit, I recommend checking out my Log4Shell exploit walkthrough blog post and the references section.
Setup
Requirements
- Linux Virtual Machine (preferably Ubuntu/Debian based)
- wget, tar, and git should be installed
The following command downloads Java 19.0.1 and Maven 3.8.6 and places them in the /opt
directory, adds the Java and Maven binary paths to your shell’s $PATH
variable, and then sources ~/.profile
. Copy the…